CVE-2017-3181

CRITICAL

TIBCO Spotfire Analyst 7.7.0 - SQL Injection

Title source: llm

Description

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

https://www.securityfocus.com/bid/95696

Scores

CVSS v3 9.8

EPSS 0.0059

EPSS Percentile 69.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (9)

tibco/spotfire_analyst 7.7.0

tibco/spotfire_client

tibco/spotfire_connectors 7.6.0

tibco/spotfire_deployment_kit 7.7.0

tibco/spotfire_desktop 7.6.0

tibco/spotfire_desktop 7.7.0 (2 CPE variants)

tibco/spotfire_desktop_language_packs 7.6.0

tibco/spotfire_desktop_language_packs 7.7.0

tibco/spotfire_web_player_client

Published Jul 24, 2018

Tracked Since Feb 18, 2026